Does anyone have thoughts on how to kick off an e-mail on SSH login?

-Jason

At Mon, 2 Nov 2009 14:14:10 -0800 CentOS mailing list <centos at centos.org> wrote:
> Does anyone have thoughts on how to kick off an e-mail on SSH login?

Probably in ~/.bash_login, ~/.login, or ~/.profile, after checking various environment variables, etc.

> -Jason

--
Robert Heller -- 978-544-6933
Deepwoods Software -- Download the Model Railroad System
http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows
heller at deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/

ML wrote:
> Does anyone have thoughts on how to kick off an e-mail on SSH login?

If you wanted a somewhat extensible way to do it, Splunk can; the free version allows up to 500MB of data to be indexed per day. Otherwise, a script that monitors the log.

Another way (not sure how reliable) is to put a command in the system-wide "dot files" of the shell(s) that are run by your users so that it is run when they log in.

nate

On Mon, Nov 02, 2009 at 02:14:10PM -0800, ML wrote:
> Does anyone have thoughts on how to kick off an e-mail on SSH login?

For security auditing purposes?

You could probably do this by watching /var/log/secure, or even use something like pam_exec.

Ray

On Mon, Nov 02, 2009, Ray Van Dolson wrote:
>On Mon, Nov 02, 2009 at 02:14:10PM -0800, ML wrote:
>> Does anyone have thoughts on how to kick off an e-mail on SSH login?
>
>For security auditing purposes?
>
>You could probably do this by watching /var/log/secure, or even use
>something like pam_exec.

We use swatch for this.

Bill
--
INTERNET: bill at celestial.com
Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/
PO Box 820; 6641 E. Mercer Way
Mercer Island, WA 98040-0820
Voice: (206) 236-1676
Fax: (206) 232-9186
Skype: jwccsllc (206) 855-5792

Only government can take perfectly good paper, cover it with perfectly good ink and make the combination worthless. -- Milton Friedman

2009/11/2 ML <mailinglists at mailnewsrss.com>:
> Does anyone have thoughts on how to kick off an e-mail on SSH login?

Make SSH use PAM for authentication and use the pam_preprofile[1] module to execute an appropriate script. You should test with public/private key logins to ensure that it also works for those.

Ben

[1] http://www.kernel.org/pub/linux/libs/pam/pre/modules/pam_preprofile.tgz

ML wrote:
> Does anyone have thoughts on how to kick off an e-mail on SSH login?
>
> -Jason

If you don't mind making the jump to syslog-ng, it's fairly simple to filter ssh login lines to an external script that sends out emails. With stock syslog you could log auth to a named pipe and slurp that up with a similar script.

That said, hooking into pam as has been suggested sounds like the best bet.

--
Andrew Norris
Systems Administrator
Locus Telecommunications
andrewn at locus.net
(201)-947-2807 ext. 1135

On Mon, 2 Nov 2009, ML wrote:
> Does anyone have thoughts on how to kick off an e-mail on SSH login?

one assumes, without them being able to over-ride such notification, or even being aware of such ...

inotify, watching that end user's directory for an atime change, comes to mind

-- Russ herrold
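
The pam_exec route suggested above, as an added example that is not from any poster in the thread: a notifier script that sshd's PAM session stack runs as root, so it does not depend on user dot files. The script path, `MAILTO` and `MAIL_CMD` are assumptions, and it relies on pam_exec exporting `PAM_USER`, `PAM_RHOST`, `PAM_TTY`, `PAM_SERVICE` and `PAM_TYPE`.

```shell
#!/bin/sh
# Added example: notifier meant to be run by pam_exec from the sshd PAM stack.
# Assumed PAM line in /etc/pam.d/sshd (the script path is hypothetical):
#   session optional pam_exec.so /usr/local/sbin/ssh-login-mail.sh
# "optional" keeps a failing mailer from blocking logins.

MAILTO="${MAILTO:-root}"        # assumed recipient
MAIL_CMD="${MAIL_CMD:-mail}"    # assumed mailer, overridable for testing

# Drop every character outside a safe set; PAM_RHOST and PAM_USER are
# influenced by the connecting client and end up in a mail body.
sanitize() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._:@/-'
}

# Build the one-line notice from the variables pam_exec exports.
build_notice() {
    user=$(sanitize "${PAM_USER:-unknown}")
    rhost=$(sanitize "${PAM_RHOST:-unknown}")
    tty=$(sanitize "${PAM_TTY:-unknown}")
    printf 'SSH login: user=%s from=%s tty=%s host=%s\n' \
        "$user" "$rhost" "$tty" "$(uname -n)"
}

# Mail only for sshd session opens, not for close_session or other services.
should_notify() {
    [ "${PAM_SERVICE:-}" = "sshd" ] && [ "${PAM_TYPE:-}" = "open_session" ]
}

notify() {
    should_notify || return 0
    build_notice | "$MAIL_CMD" -s "SSH login on $(uname -n)" "$MAILTO"
}

# pam_exec invokes the script with no arguments; all input is in PAM_* vars.
notify
```

Because the session stack runs for password and public-key logins alike, test both, as Ben's reply advises for the PAM approach.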